Legal Hold for AWS environments 

With the exponential growth of data in recent years, we have seen that the necessity of data preservation is driving organizations to create new processes and procedures. At the same time, third-party vendors are developing new technologies that allow organizations to preserve data for eDiscovery, legal hold, governance and compliance purposes.

With legal hold, for example, you can preserve user backup data and avoid data deletion. Wikipedia describes this as:

A legal hold is a process that an organization uses to preserve all forms of potentially relevant information when litigation is pending or reasonably anticipated. 

In this process, Electronically Stored Information (ESI) to be collected and preserved can be broadly classified into:

  • Custodian data: email, personal storage on hardware devices or cloud accounts, social networking sites, tablets, smartphones
  • Non-Custodian data: databases, cloud storage, shared storage

Enterprises that use Amazon Web Services (AWS )services for compute, databases and storage like Amazon EC2, Amazon RDS, Amazon EBS volumes and Amazon S3, etc are required to collect and preserve data in the event of litigation. 

AWS supports legal holds on Amazon S3 object (versions) but NOT on Amazon EC2/EBS volumes and databases. In order to place an S3 object on legal hold, the following actions need to be taken

  • Enable object lock at the time of S3 bucket creation. 
  • Enable object version and object lock on the desired object.
  • Enable Legal holds on each object version.

Details on S3 legal hold retention settings and permissions are in AWS documentation

A legal hold may require preserving data across multiple servers (potentially in different AWS accounts and regions). In order to achieve that in AWS:

  • Identify the EC2 instances with the data that is required for legal hold
  • In case of EBS volumes, copy EBS volumes data to S3 bucket by using S3 CLI copy or sync
  • Configuring S3 bucket(s) for object lock.
  • Enabling legal hold on each object version
  • Using AWS TAGs on the objects with legal hold identifiers (case name etc) could simplify management.
  • Finally tracking legal hold objects and generating chain of custody reports.

This involves significant management overhead and at scale could pose a challenge. Druva CloudRanger offers a simplistic approach to creating legal holds on Amazon EC2 and RDS instances.

Here is how you can simply create legal holds: 

Add an AWS account to Druva CloudRanger that will store copies of data isolated from the primary AWS accounts with resources

  • Select the option “Setup as a legal hold account”. 
  • Having a separate account will allow you to restrict the account privileges to only the legal team.

setup legal hold


Create a legal hold 

  • Once the legal hold account has been added to CloudRanger, add your account admins.
  • Account admins can now create legal holds and collect data of Amazon EC2 instances or EBS volumes or RDS instance from any AWS accounts under CloudRanger management.
  • Create any number of legal holds within the account

create legal hold policy


Select resources that have data to be preserved

  • Select Amazon EC2/EBS or RDS instances based on Instance Id’s or AWS TAGs to place on legal hold.
  • Options to define a one time or scheduled collection of data can be defined in the policy.
  • Legal hold policy will create a snapshot (i.e backup) of the instances and copy the data to a legal hold account.
  • Backups will be stored in the same region as the source instances for data residency requirements.

legal hold instances


View backups on legal holds

  • Legal hold data can be viewed from the console 

Data on legal holds can be accessed via APIs

What next?
  • Extending File level Search (FLS) capabilities to legal holds to simplify culling of data.
  • Support for S3 Object legal hold
  • Extending Druva’s out of box integrations with eDiscovery solutions to CloudRanger legal hold.
Interested to try it out?

Click here to start a free 14-day trial and let us know your feedback!


This entry has 0 replies

Comments are closed.